Poor password choices, password reuse and password sharing are poor behaviors from a security perspective. Users often choose passwords that can be easily guessed. If such passwords have previously been associated with a breach, then it is likely bad actors will try those passwords to gain access to a user's account. Users often reuse passwords. Therefore, if a breach occurs and the username and password for one login become known to bad actors, those details may also be valid for other user logins, which increases the harm that those bad actors can cause. Users also sometimes share passwords with colleagues. Therefore, a password that has been used in a breach against one user in a domain may also be of use to bad actors for other users in the same domain. Organizations are able to run a test comparing an active directory list against publicly available sources of information on password breaches to see if any user-provided passwords have been part of an existing data breach. However, this doesn't provide any training or action to prevent users from performing actions which make future passwords more likely to be susceptible. Existing solutions detect that a password has been associated with a breach and prompt the user to change it. They do not address the behaviors that led to the choice of that password.